It’s actually kind of brilliant: they used a trojan called DNSChanger pretending to be a video codec (one guess what kind of video the infected were trying to watch) to, essentially, take control of all outbound internet traffic on an infected computer, infected millions of computers, and then redirected all the traffic to their servers, making advertisers think they were getting legit clicks and making them millions in supposedly legitimate dollars. And most of the infected didn’t even notice.

Of course, it all fell apart once these things infected U.S. government computers: our government doesn’t take kindly to getting ripped off.